(Event correlation analysis is a key technique of security management (SOC). With a real-time event correlation analysis engine, a security management system can dig through massive, messy security logs to surface the information hidden behind the events, and guide security managers to discover external intrusions and internal violations. In this fifth article of the series, I analyze in depth the technical architecture of the correlation analysis engine of a security management system, and show readers the value and prospects of correlation analysis.
In-depth analysis of SOC high-performance real-time event-related analysis engine.doc)